openvpn dropouts

[joele]

I have setup openvpn on my home asus router, but when I connect to it from MX it works for a few minutes (up to 5) and then drops the connection? does anyone know what is causing this? I have attached the daemon.log and can see there is an error towards the end as it drops out,
i just don't know what caused it?

Code: Select all

Dec  6 11:52:10 joellaptop nm-openvpn[16223]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Dec  6 11:52:10 joellaptop nm-openvpn[16223]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Dec  6 11:52:10 joellaptop nm-openvpn[16223]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Dec  6 11:52:10 joellaptop nm-openvpn[16223]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 11:52:10 joellaptop nm-openvpn[16223]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:52:10 joellaptop nm-openvpn[16223]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
Dec  6 11:52:11 joellaptop nm-openvpn[16223]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:52:11 joellaptop nm-openvpn[16223]: TCP_CLIENT link local: (not bound)
Dec  6 11:52:11 joellaptop nm-openvpn[16223]: TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:52:11 joellaptop nm-openvpn[16223]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Dec  6 11:52:11 joellaptop nm-openvpn[16223]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Dec  6 11:52:11 joellaptop nm-openvpn[16223]: [DSL-AC52U] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:52:13 joellaptop nm-openvpn[16223]: TUN/TAP device tun0 opened
Dec  6 11:52:13 joellaptop nm-openvpn[16223]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 16217 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_44 --tun -- tun0 1500 1555 10.8.0.6 10.8.0.5 init
Dec  6 11:52:13 joellaptop nm-openvpn[16223]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Dec  6 11:52:13 joellaptop nm-openvpn[16223]: GID set to nm-openvpn
Dec  6 11:52:13 joellaptop nm-openvpn[16223]: UID set to nm-openvpn
Dec  6 11:52:13 joellaptop nm-openvpn[16223]: Initialization Sequence Completed
Dec  6 11:52:13 joellaptop dbus-daemon[2533]: [system] Activating service name='org.freedesktop.nm_dispatcher' requested by ':1.7' (uid=0 pid=2813 comm="/usr/sbin/NetworkManager ") (using servicehelper)
Dec  6 11:52:13 joellaptop dbus-daemon[2533]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Dec  6 11:52:13 joellaptop nm-dispatcher: req:1 'vpn-up' [tun0]: new request (2 scripts)
Dec  6 11:52:13 joellaptop nm-dispatcher: req:1 'vpn-up' [tun0]: start running ordered scripts...
Dec  6 11:52:13 joellaptop nm-dispatcher: req:2 'up' [tun0]: new request (2 scripts)
Dec  6 11:52:13 joellaptop nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
Dec  6 11:52:14 joellaptop ntpd[2850]: Listen normally on 48 tun0 10.8.0.6:123
Dec  6 11:52:14 joellaptop ntpd[2850]: Listen normally on 49 tun0 [fe80::44dc:e23f:520d:a4b4%24]:123
Dec  6 11:52:14 joellaptop ntpd[2850]: new interface(s) found: waking up resolver
Dec  6 11:54:30 joellaptop nm-openvpn[16223]: Connection reset, restarting [0]
Dec  6 11:54:30 joellaptop nm-openvpn[16223]: SIGUSR1[soft,connection-reset] received, process restarting
Dec  6 11:54:35 joellaptop nm-openvpn[16223]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  6 11:54:35 joellaptop nm-openvpn[16223]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:54:35 joellaptop nm-openvpn[16223]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
Dec  6 11:54:36 joellaptop nm-openvpn[16223]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:54:36 joellaptop nm-openvpn[16223]: TCP_CLIENT link local: (not bound)
Dec  6 11:54:36 joellaptop nm-openvpn[16223]: TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:54:37 joellaptop nm-openvpn[16223]: [DSL-AC52U] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Dec  6 11:54:38 joellaptop nm-openvpn[16223]: Preserving previous TUN/TAP instance: tun0
Dec  6 11:54:38 joellaptop nm-openvpn[16223]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 16217 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_44 --tun -- tun0 1500 1555 10.8.0.6 10.8.0.5 restart
Dec  6 11:54:38 joellaptop nm-openvpn[16223]: WARNING: Failed running command (--up/--down): could not execute external program
Dec  6 11:54:38 joellaptop nm-openvpn[16223]: Exiting due to fatal error
Dec  6 11:54:38 joellaptop dbus-daemon[2533]: [system] Activating service name='org.freedesktop.nm_dispatcher' requested by ':1.7' (uid=0 pid=2813 comm="/usr/sbin/NetworkManager ") (using servicehelper)
Dec  6 11:54:38 joellaptop dbus-daemon[2533]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Dec  6 11:54:38 joellaptop nm-dispatcher: req:1 'down' [tun0]: new request (2 scripts)
Dec  6 11:54:38 joellaptop nm-dispatcher: req:1 'down' [tun0]: start running ordered scripts...
Dec  6 11:54:38 joellaptop nm-dispatcher: req:2 'vpn-down' [tun0]: new request (2 scripts)
Dec  6 11:54:38 joellaptop nm-dispatcher: req:2 'vpn-down' [tun0]: start running ordered scripts...
Dec  6 11:54:39 joellaptop ntpd[2850]: Deleting interface #48 tun0, 10.8.0.6#123, interface stats: received=0, sent=0, dropped=0, active_time=145 secs
Dec  6 11:54:39 joellaptop ntpd[2850]: Deleting interface #49 tun0, fe80::44dc:e23f:520d:a4b4%24#123, interface stats: received=0, sent=0, dropped=0, active_time=145 secs

[joele]

Seems to be a specific error for my MX Linux laptop, I use the same OpenVPN config file on my phone and no timeout issues.

[JayM]

Please run MX Tools/Quick System Info, then right-click paste into a reply. (Quick System Info automatically copies the information to your clipboard, already formatted properly for pasting into the forum so all you have to do is a right-click/ paste, not a copy/paste.) Thanks.

[joele]

Code: Select all

System:    Host: joellaptop Kernel: 4.19.0-6-amd64 x86_64 bits: 64 compiler: gcc v: 8.3.0 
           parameters: BOOT_IMAGE=/vmlinuz-4.19.0-6-amd64 
           root=UUID=b2443301-f3ee-4bde-93e4-79cbb6d9f491 ro quiet splash 
           Desktop: Xfce 4.14.1 tk: Gtk 3.24.5 info: xfce4-panel wm: xfwm4 dm: LightDM 1.26.0 
           Distro: MX-19_x64 patito feo October 21  2019 base: Debian GNU/Linux 10 (buster) 
Machine:   Type: Laptop System: ASUSTeK product: ZenBook UX433FA_UX433FA v: 1.0 serial: <filter> 
           Mobo: ASUSTeK model: UX433FA v: 1.0 serial: <filter> UEFI: American Megatrends 
           v: UX433FA.308 date: 06/04/2019 
Battery:   ID-1: BAT0 charge: 47.1 Wh condition: 48.2/50.1 Wh (96%) volts: 11.9/11.9 
           model: ASUSTeK ASUS Battery type: Li-ion serial: <filter> status: Charging cycles: 34 
           Device-1: hidpp_battery_0 model: Logitech M720 Triathlon Multi-Device Mouse 
           serial: <filter> charge: 55% (should be ignored) rechargeable: yes 
           status: Discharging 
CPU:       Topology: Quad Core model: Intel Core i7-8565U bits: 64 type: MT MCP arch: Kaby Lake 
           family: 6 model-id: 8E (142) stepping: C (12) microcode: C6 L2 cache: 8192 KiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 31872 
           Speed: 800 MHz min/max: 400/4600 MHz Core speeds (MHz): 1: 790 2: 799 3: 790 4: 800 
           5: 765 6: 799 7: 800 8: 800 
           Vulnerabilities: Type: itlb_multihit status: KVM: Split huge pages 
           Type: l1tf status: Not affected 
           Type: mds status: Not affected 
           Type: meltdown status: Not affected 
           Type: spec_store_bypass 
           mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 mitigation: Enhanced IBRS, IBPB: conditional, RSB filling 
           Type: tsx_async_abort status: Not affected 
Graphics:  Device-1: Intel UHD Graphics 620 vendor: ASUSTeK driver: i915 v: kernel 
           bus ID: 00:02.0 chip ID: 8086:3ea0 
           Display: x11 server: X.Org 1.20.4 driver: modesetting unloaded: fbdev,vesa 
           resolution: 1920x1080~60Hz 
           OpenGL: renderer: Mesa DRI Intel HD Graphics (Whiskey Lake 3x8 GT2) 
           v: 4.5 Mesa 18.3.6 compat-v: 3.0 direct render: Yes 
Audio:     Device-1: Intel Cannon Point-LP High Definition Audio vendor: ASUSTeK 
           driver: snd_hda_intel v: kernel bus ID: 00:1f.3 chip ID: 8086:9dc8 
           Sound Server: ALSA v: k4.19.0-6-amd64 
Network:   Device-1: Intel Cannon Point-LP CNVi [Wireless-AC] driver: iwlwifi v: kernel 
           port: 4000 bus ID: 00:14.3 chip ID: 8086:9df0 
           IF: wlan0 state: up mac: <filter> 
Drives:    Local Storage: total: 476.94 GiB used: 265.34 GiB (55.6%) 
           ID-1: /dev/nvme0n1 vendor: Kingston model: RBUSNS8154P3512GJ2 size: 476.94 GiB 
           block size: physical: 512 B logical: 512 B speed: 15.8 Gb/s lanes: 2 serial: <filter> 
           rev: E8FK11.Q scheme: GPT 
Partition: ID-1: / raw size: 474.14 GiB size: 465.70 GiB (98.22%) used: 265.27 GiB (57.0%) 
           fs: ext4 dev: /dev/dm-0 
           ID-2: /boot raw size: 512.0 MiB size: 487.9 MiB (95.30%) used: 81.4 MiB (16.7%) 
           fs: ext4 dev: /dev/nvme0n1p2 
           ID-3: swap-1 size: 1.98 GiB used: 0 KiB (0.0%) fs: swap swappiness: 15 (default 60) 
           cache pressure: 100 (default) dev: /dev/dm-1 
Sensors:   System Temperatures: cpu: 49.0 C mobo: N/A 
           Fan Speeds (RPM): N/A 
Repos:     No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/antix.list 
           1: deb http://iso.mxrepo.com/antix/buster buster main
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian buster-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian buster main contrib non-free
           2: deb http://deb.debian.org/debian-security buster/updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/google-chrome.list 
           1: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb http://mxrepo.com/mx/repo/ buster main non-free
           Active apt repos in: /etc/apt/sources.list.d/teamviewer.list 
           1: deb http://linux.teamviewer.com/deb stable main
           No active apt repos in: /etc/apt/sources.list.d/various.list 
           Active apt repos in: /etc/apt/sources.list.d/vivaldi.list 
           1: deb http://repo.vivaldi.com/stable/deb/ stable main
Info:      Processes: 266 Uptime: 4h 29m Memory: 15.48 GiB used: 1.55 GiB (10.0%) Init: SysVinit 
           v: 2.93 runlevel: 5 default: 5 Compilers: gcc: 8.3.0 alt: 8 Shell: bash v: 5.0.3 
           running in: quick-system-in inxi: 3.0.36 

[joele]

The settings from the Client.ovpn file just for good measure...

Code: Select all

remote xxx.xxx.xxx.xxx 1194
float
nobind
proto tcp (I have tried UPD and TCP but no difference)
dev tun
sndbuf 0
rcvbuf 0
keepalive 15 60
comp-lzo adaptive
auth-user-pass
client
auth SHA1
cipher AES-128-CBC
remote-cert-tls server

[joele]

OK some more info, it seems to be related to the "network manager applet", as if I connect from the command line like below, it works fine and holds the connection. just not as nice to use I guess...

Code: Select all

sudo openvpn --config client.ovpn

I do get "connection reset, restarting" every 5 minutes in the terminal window, but it reconnects and I never really notice it unless I watch the terminal window.. is that related?